Update the certificate passwords in BEMS Skip Navigation
  1. BlackBerry Docs
  2. BlackBerry Enterprise Mobility Server 3.5
  3. Configuring BEMS-Core
  4. Importing and configuring certificates
  5. Replacing the autogenerated SSL certificate
  6. Steps to replace the autogenerated SSL certificate with a self-signed certificate for one BEMS node
  7. Update the certificate passwords in BEMS

Update the certificate passwords in 
BEMS

For 
BEMS
 to access your certificate private key, you must include the challenge password in the jetty.xml file. The password must be obfuscated. This can be done with the 
BEMS
 SSL Tech Tool. For instructions, visit support.blackberry.com/community to read article 41823.
On the computer that hosts 
BEMS
, download the 
BEMS
 Tech Tools and extract the sslcert folder. You can download the 
BEMS
 Tech Tools here.
  1. Generate the obfuscated challenge password for your serverkey certificate private key and keystore password.
    When you run the 
    BEMS
     SSL Tech Tool to obfuscate the password, the 
    BEMS
     SSL Tech Tool generates a new gems.jks file. You can then delete the gems.jks file that the tool generates. The 
    BEMS
     SSL Tech Tool also generates a log file, SelfSignCertificate.log.0, for review. This file contains the same information as the screen outputs.
    1. In a command prompt, navigate to the extracted sslcert utility folder.
    2. Type 
      sslcert.bat <
      mykeypassword
      > <
      mystorepassword
      > <
      fqdn of BEMS host
      >
      For example: 
      sslcert.bat mykeypassword mystorepassword bemshost.example.com
    3. Copy the screen outputs to a text file for later reference. 
  2. Backup the jetty.xml file. By default the jetty.xml file is located at 
    <
    drive
    >:\Program Files\BlackBerry\BlackBerry Enterprise Mobility Server\Good Server Distribution\gems-quickstart-<
    version
    >\etc
    .
  3. Update the 
    keyStorePassword
    trustStorePassword
    , and 
    keyManagerPassword
     in the jetty.xml file with the obfuscated password. For examples, see Jetty.xml file reference.
    1. In a text editor, open the jetty.xml file.
    2. Locate the <New class="org.eclipse.jetty.util.ssl.SslContextFactory" id="sslContextFactory"> section.
    3. Locate the <Set name=”KeyStorePassword”> and <Set name=”TrustStorePassword”> elements and update them with the obfuscated passwords from the sslcert text outputs, Key Store Password and Trust Store Password, respectively. The text outputs are the obfuscated values of the keystore password, referenced as <
      mystorepassword
      > in step 1b.
    4. Locate the <Set name=”KeyManagerPassword”> element and update it with the new obfuscated password from the sslcert text output, Key Manager Password. The text output is the obfuscated value of the keypass password, referenced as <
      mykeypassword
      > in step 1b. 
  4. Start the 
    Good Technology Common Services
     service from the 
    Windows
     Service Manager.
  5. Test the new certificate by accessing the 
    BEMS
     Dashboard in a browser. Its certificate information now reflects the newly imported certificated.